Hello community, here is the log from the commit of package at for openSUSE:Factory checked in at 2014-10-05 20:30:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/at (Old) and /work/SRC/openSUSE:Factory/.at.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "at" Changes: -------- --- /work/SRC/openSUSE:Factory/at/at.changes 2014-10-01 11:22:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.at.new/at.changes 2014-10-05 20:30:33.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Sep 30 13:20:21 UTC 2014 - [email protected] + +- Add at-sane-envkeys.diff to skip exporting variables with + awkward keys [bsc#899160] + +------------------------------------------------------------------- New: ---- at-sane-envkeys.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ at.spec ++++++ --- /var/tmp/diff_new_pack.gEFpc8/_old 2014-10-05 20:30:35.000000000 +0200 +++ /var/tmp/diff_new_pack.gEFpc8/_new 2014-10-05 20:30:35.000000000 +0200 @@ -60,6 +60,7 @@ Patch24: at-backport-old-privs.patch #PATCH-FEATURE-UPSTREAM introduce -o <timeformat> argument for atq (bnc#879402) Patch25: at-atq-timeformat.patch +Patch26: at-sane-envkeys.diff BuildRequires: autoconf >= 2.69 BuildRequires: automake @@ -105,6 +106,7 @@ %patch23 -p1 %patch24 -p1 %patch25 +%patch26 -p1 %build rm -fv y.tab.c y.tab.h lex.yy.c lex.yy.o y.tab.o ++++++ at-sane-envkeys.diff ++++++ From: Jan Engelhardt <[email protected]> Date: 2014-09-30 15:15:52.645631792 +0200 X-Status: fixes an upstream issue Shells generally only allow setting environment variables whose keys are of the form /^[A-Z_][A-Z0-9_]/i. Exporting anything else is going to end in disaster (sh throwing syntax errors). --- at.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) Index: at-3.1.14/at.c =================================================================== --- at-3.1.14.orig/at.c +++ at-3.1.14/at.c @@ -225,6 +225,23 @@ nextjob() return jobno; } +/** + * @s: string in the form of "key=value" and \0-terminated + * @n: length of key portion + */ +static bool legit_key(const char *s, size_t n) +{ + /* First char has extra restrictions: must not be a digit */ + if (!isalpha(*s) && *s != '_') + return false; + for (; n-- > 0; ++s) { + if (!isalnum(*s) && *s != '_') + return false; + ++s; + } + return true; +} + static void writefile(time_t runtimer, char queue) { @@ -403,7 +420,10 @@ writefile(time_t runtimer, char queue) eqp++; } - if (export) { + if (!export || !legit_key(*atenv, eqp - *atenv)) { + continue; + } + fwrite(*atenv, sizeof(char), eqp - *atenv, fp); for (ap = eqp; *ap != '\0'; ap++) { if (*ap == '\n') @@ -439,7 +459,6 @@ writefile(time_t runtimer, char queue) fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp); fputc('\n', fp); - } } /* Cd to the directory at the time and write out all the * commands the user supplies from stdin. -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
